fix: bound decode allocation by decoded elements, not remaining bytes #417
This looks good to me. One small remaining allocation-hardening case in the same decoder:

```rust
let len = buf.try_get_u32().map_err(|_| Error::EndOfBuffer)? as usize;
let mut bytes = vec![0u8; len];
buf.try_copy_to_slice(&mut bytes)
    .map_err(|_| Error::EndOfBuffer)?;
```

A malformed checkpoint/state blob could set

```rust
if len > buf.remaining() {
    return Err(Error::EndOfBuffer);
}
```
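An added example, not code from this PR or the project: a self-contained sketch of the length check suggested in the comment above, generalized to a count-prefixed list as well. `Reader`, `DecodeError`, `read_bytes`, `read_u32_list` and the big-endian `u32` prefix are assumptions, and a plain slice stands in for the project's buffer type.

```rust
// Added example; `Reader`, `DecodeError` and the method names are hypothetical.
// A plain byte slice stands in for the decoder's buffer type.
#[derive(Debug, PartialEq)]
pub enum DecodeError { EndOfBuffer }

pub struct Reader<'a> { buf: &'a [u8] }

impl<'a> Reader<'a> {
    pub fn new(buf: &'a [u8]) -> Self { Reader { buf } }

    // Hands out `n` bytes only if they are really present (the `remaining()` check).
    fn take(&mut self, n: usize) -> Result<&'a [u8], DecodeError> {
        let buf: &'a [u8] = self.buf;
        if n > buf.len() {
            return Err(DecodeError::EndOfBuffer);
        }
        let (head, tail) = buf.split_at(n);
        self.buf = tail;
        Ok(head)
    }

    pub fn read_u32(&mut self) -> Result<u32, DecodeError> {
        let b = self.take(4)?;
        Ok(u32::from_be_bytes([b[0], b[1], b[2], b[3]]))
    }

    /// Length-prefixed bytes: the untrusted length is compared with the bytes
    /// actually left before anything is allocated.
    pub fn read_bytes(&mut self) -> Result<Vec<u8>, DecodeError> {
        let len = self.read_u32()? as usize;
        Ok(self.take(len)?.to_vec())
    }

    /// Count-prefixed list: no `with_capacity(count)`; the vector grows only
    /// as elements decode, so a huge count fails at the first missing one.
    pub fn read_u32_list(&mut self) -> Result<Vec<u32>, DecodeError> {
        let count = self.read_u32()?;
        let mut out = Vec::new();
        for _ in 0..count {
            out.push(self.read_u32()?);
        }
        Ok(out)
    }
}

fn main() {
    // Constructed input: the prefix claims 0xFFFFFFFF bytes, only 3 follow.
    let blob = [0xFFu8, 0xFF, 0xFF, 0xFF, 1, 2, 3];
    let mut r = Reader::new(&blob);
    println!("{:?}", r.read_bytes());
}
```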
Update(210a427):
Looks good to me. I re-checked the broader #314 pattern, and the risky

Optional test nit: a few of the regression tests stop immediately after the huge count, so
210a427 to d4873d9
Addresses #314.
Changes: